Lexmark MX321 Embedded Web Server--Security Administrator s Guide - Page 19
Using Kerberos, Creating a Kerberos login method, Setting the date and time
View all Lexmark MX321 manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 19 highlights
Managing login methods 19 Using Kerberos You can use this login method by itself or in conjunction with the LDAP+GSSAPI login method. Notes: • Only one Kerberos configuration file can be saved on the printer memory. This configuration file can apply to multiple realms and Kerberos Domain Controllers. • Uploading another configuration file or updating the Kerberos settings overwrites the saved configuration file. • If you want to delete a Kerberos file, then delete first the LDAP+GSSAPI login method that is using the file. • Administrators must anticipate the different types of authentication requests the Kerberos server might receive, and configure the configuration file to handle the requests. • Kerberos relies on an external server for authentication. If the server is down, then users are not able to access the printer using LDAP. • To help prevent unauthorized access, log out from the printer after each session. Creating a Kerberos login method 1 From the Embedded Web Server, click Settings > Security > Login Methods. 2 From the Network Accounts section, click Add Login Method > Kerberos. 3 Do one of the following: Create a simple Kerberos configuration file From the Generate Simple Kerberos File section, configure the following: • KDC Address-Type the IP address or host name of the KDC IP. • KDC Port-Enter the port number used by the Kerberos server. • Realm-Type the realm used by the Kerberos server. The realm must be typed in uppercase. Import a Kerberos configuration file In the Import Kerberos File field, browse to the krb5.conf file. 4 If necessary, from the Miscellaneous Settings section, configure the following settings: • Character Encoding-Select the character encoding used for the configuration file. • Disable Reverse IP Lookups 5 Click Save and Verify. Setting the date and time When using Kerberos authentication, make sure that the time difference between the printer and the domain controller does not exceed five minutes. You can manually update the date and time settings or use the Network Time Protocol (NTP) to sync the time with the domain controller automatically. 1 From the Embedded Web Server, click Settings > Device > Preferences > Date and Time.